1. Field of the Invention
The present invention generally relates to computer security, database management systems (DBMS), and content management systems (CMS). More specifically, the present invention relates to a method of enforcing access rules for objects stored in a CMS that are accessed by a variety of application programs.
2. Description of the Related Art
Generally, CMS systems are used to provide a single, secure repository for virtually any kind of digital information (e.g., files, documents, objects, tables, and other data). For example, a CMS system may be used to store design data, files, and drawings, etc., accessed by multiple users of a computer-aided design (CAD) system. By storing content in a centralized location, users can locate, share, reference, and reuse that content. A CMS is a computer software system for organizing and facilitating collaborative creation of content in a multi-user system. Typically, a CMS stores user content in a file system and stores information about the files in a relational database. Because a CMS system may provide broad accessibility to multiple users, it is often desirable to restrict which content users may access. For example, access restrictions may be specified using access control lists (ACLs).
An ACL is used to enforce access rules for an object identified in the ACL. ACLs are a means of determining whether a user has the appropriate access rights to a given object depending on attributes of the user making the request, (e.g., the user's identity or membership in a group). An ACL is a data structure (e.g., a table) with entries specifying individual user or group rights to specific system objects, such as a program, a process, or a file. The privileges or permissions determine specific access rights, such as whether a user can read from, write to, or execute an object. Thus, among other things, an entry in the ACL controls whether a user, or group of users, may alter or access an object, or both.
To provide adequate security in a CMS, ACLs may need to be associated with individual rows in one or more tables in the relational database. This occurs because the CMS system may use individual rows of a database table to reference objects in the file system, each with an entry in an ACL. Existing DBMS systems fail to provide support for this kind of access control. As a result, one approach to provide the necessary security is to have a user application to perform access checks when performing an operation involving content in the CMS system. However, access control and the core application functionality (e.g., providing a CAD system) are usually unrelated concerns. A well-designed application should reflect a separation of these concerns by coding access controls independently from application functionality.
Two common approaches used to provide access control in a CMS system suffer from several drawbacks. As suggested, in a first approach, an application programmer may explicitly code access checks as part of an application that accesses content in the CMS. For example, an application may include structured query language (SQL) queries or stored procedures that perform access control functions for content stored in the CMS. A stored procedure is a set of SQL statements with an assigned name that is stored in the database in compiled form. This first approach violates the desired separation of concerns principle, because it entangles access control with application logic. Worse, the rather low level of sophistication available in the SQL language results in duplicated code strewn throughout every query or stored procedure because the routines that perform the access checks are duplicated in each function that accesses the database.
A second approach includes providing a data access framework using a load-modify-store architecture that treats the database as dumb storage. While this second approach allows the use of higher-level languages and object-oriented techniques to separate application program concerns from security and access control, it has performance problems due to large amounts of small data interactions with the database. Thus, this approach does not scale well.
Accordingly, there is a need for a method to allow access checks to run in the database and, at the same time, keep the access checking code separate from the application code. There is also a need for a time and cost efficient solution.